@auth/core
Comparing version 0.2.4 to 0.2.5
@@ -11,3 +11,4 @@ import * as o from "oauth4webapi"; | ||
let as; | ||
if (!url) { | ||
// Falls back to authjs.dev if the user only passed params | ||
if (!url || url.host === "authjs.dev") { | ||
// If url is undefined, we assume that issuer is always defined | ||
@@ -32,6 +33,3 @@ // We check this in assert.ts | ||
...provider.authorization?.params, | ||
}, // Defaults | ||
Object.fromEntries(authParams), // From provider config | ||
query // From `signIn` call | ||
); | ||
}, Object.fromEntries(provider.authorization?.url.searchParams ?? []), query); | ||
for (const k in params) | ||
@@ -38,0 +36,0 @@ authParams.set(k, params[k]); |
@@ -18,3 +18,6 @@ import * as o from "oauth4webapi"; | ||
let as; | ||
if (!provider.token?.url && !provider.userinfo?.url) { | ||
const { token, userinfo } = provider; | ||
// Falls back to authjs.dev if the user only passed params | ||
if ((!token?.url || token.url.host === "authjs.dev") && | ||
(!userinfo?.url || userinfo.url.host === "authjs.dev")) { | ||
// We assume that issuer is always defined as this has been asserted earlier | ||
@@ -33,5 +36,5 @@ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion | ||
as = { | ||
issuer: provider.issuer ?? "https://a", | ||
token_endpoint: provider.token?.url.toString(), | ||
userinfo_endpoint: provider.userinfo?.url.toString(), | ||
issuer: provider.issuer ?? "https://authjs.dev", | ||
token_endpoint: token?.url.toString(), | ||
userinfo_endpoint: userinfo?.url.toString(), | ||
}; | ||
@@ -89,6 +92,6 @@ } | ||
} | ||
if (provider.userinfo?.request) { | ||
profile = await provider.userinfo.request({ tokens, provider }); | ||
if (userinfo?.request) { | ||
profile = await userinfo.request({ tokens, provider }); | ||
} | ||
else if (provider.userinfo?.url) { | ||
else if (userinfo?.url) { | ||
const userinfoResponse = await o.userInfoRequest(as, client, tokens.access_token); | ||
@@ -95,0 +98,0 @@ profile = await userinfoResponse.json(); |
@@ -25,5 +25,5 @@ import { merge } from "./utils/merge.js"; | ||
} | ||
// TODO: Also add discovery here, if some endpoints/config are missing. | ||
// We should return both a client and authorization server config. | ||
function normalizeOAuth(c) { | ||
if (!c) | ||
return {}; | ||
if (c.issuer) | ||
@@ -55,3 +55,3 @@ c.wellKnown ?? (c.wellKnown = `${c.issuer}/.well-known/openid-configuration`); | ||
function normalizeEndpoint(e, issuer) { | ||
if (!e || issuer) | ||
if (!e && issuer) | ||
return; | ||
@@ -61,12 +61,13 @@ if (typeof e === "string") { | ||
} | ||
// If v.url is undefined, it's because the provider config | ||
// If e.url is undefined, it's because the provider config | ||
// assumes that we will use the issuer endpoint. | ||
// The existence of either v.url or provider.issuer is checked in | ||
// assert.ts | ||
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion | ||
const url = new URL(e.url); | ||
// eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion | ||
for (const k in e.params) | ||
url.searchParams.set(k, e.params[k]); | ||
return { ...e, url }; | ||
// The existence of either e.url or provider.issuer is checked in | ||
// assert.ts. We fallback to "https://authjs.dev" to be able to pass around | ||
// a valid URL even if the user only provided params. | ||
// NOTE: This need to be checked when constructing the URL | ||
// for the authorization, token and userinfo endpoints. | ||
const url = new URL(e?.url ?? "https://authjs.dev"); | ||
for (const k in e?.params) | ||
url.searchParams.set(k, e?.params[k]); | ||
return { url, request: e?.request }; | ||
} |
@@ -5,3 +5,3 @@ import { handleLogin } from "../callback-handler.js"; | ||
import { createHash } from "../web.js"; | ||
import { handleAuthorized } from "./shared.js"; | ||
import { getAdapterUserFromEmail, handleAuthorized } from "./shared.js"; | ||
/** Handle callbacks from login services */ | ||
@@ -114,5 +114,6 @@ export async function callback(params) { | ||
// @ts-expect-error -- Verified in `assertConfig`. | ||
const profile = await getAdapterUserFromEmail(identifier, adapter); | ||
const user = await getAdapterUserFromEmail(identifier, adapter); | ||
const account = { | ||
providerAccountId: profile.email, | ||
providerAccountId: user.email, | ||
userId: user.id, | ||
type: "email", | ||
@@ -122,17 +123,17 @@ provider: provider.id, | ||
// Check if user is allowed to sign in | ||
const unauthorizedOrError = await handleAuthorized({ user: profile, account }, options); | ||
const unauthorizedOrError = await handleAuthorized({ user, account }, options); | ||
if (unauthorizedOrError) | ||
return { ...unauthorizedOrError, cookies }; | ||
// Sign user in | ||
const { user, session, isNewUser } = await handleLogin(sessionStore.value, profile, account, options); | ||
const { user: loggedInUser, session, isNewUser, } = await handleLogin(sessionStore.value, user, account, options); | ||
if (useJwtSession) { | ||
const defaultToken = { | ||
name: user.name, | ||
email: user.email, | ||
picture: user.image, | ||
sub: user.id?.toString(), | ||
name: loggedInUser.name, | ||
email: loggedInUser.email, | ||
picture: loggedInUser.image, | ||
sub: loggedInUser.id?.toString(), | ||
}; | ||
const token = await callbacks.jwt({ | ||
token: defaultToken, | ||
user, | ||
user: loggedInUser, | ||
account, | ||
@@ -162,3 +163,3 @@ isNewUser, | ||
} | ||
await events.signIn?.({ user, account, isNewUser }); | ||
await events.signIn?.({ user: loggedInUser, account, isNewUser }); | ||
// Handle first logins on new accounts | ||
@@ -165,0 +166,0 @@ // e.g. option to send users to a new account landing page on initial login |
@@ -23,3 +23,3 @@ import emailSignin from "../email/signin.js"; | ||
providerAccountId: email, | ||
userId: email, | ||
userId: user.id, | ||
type: "email", | ||
@@ -26,0 +26,0 @@ provider: provider.id, |
{ | ||
"name": "@auth/core", | ||
"version": "0.2.4", | ||
"version": "0.2.5", | ||
"description": "Authentication for the Web.", | ||
@@ -23,3 +23,3 @@ "keywords": [ | ||
"Lluis Agusti <hi@llu.lu>", | ||
"Thang Huu Vu <thvu@hey.com>", | ||
"Thang Huu Vu <hi@thvu.dev>", | ||
"Iain Collins <me@iaincollins.com" | ||
@@ -26,0 +26,0 @@ ], |
@@ -25,3 +25,4 @@ import * as o from "oauth4webapi" | ||
if (!url) { | ||
// Falls back to authjs.dev if the user only passed params | ||
if (!url || url.host === "authjs.dev") { | ||
// If url is undefined, we assume that issuer is always defined | ||
@@ -52,5 +53,5 @@ // We check this in assert.ts | ||
...provider.authorization?.params, | ||
}, // Defaults | ||
Object.fromEntries(authParams), // From provider config | ||
query // From `signIn` call | ||
}, | ||
Object.fromEntries(provider.authorization?.url.searchParams ?? []), | ||
query | ||
) | ||
@@ -57,0 +58,0 @@ |
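Review bot: The merge that builds the authorization parameters lost its precedence comments (`// Defaults`, `// From provider config`, `` // From `signIn` call ``), and precedence is the security-relevant part of this call: the caller-supplied `query` is the last argument and so presumably overrides anything set in the provider configuration. I would keep a one-line comment on each argument, for example `query // from the signIn call; merged last, overrides provider config`. The new middle argument reads `provider.authorization?.url.searchParams`, which relies on the normalised provider always carrying a `url`. The enclosing function starts and ends outside these hunks, so that invariant cannot be confirmed from here.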
@@ -34,3 +34,8 @@ import * as o from "oauth4webapi" | ||
if (!provider.token?.url && !provider.userinfo?.url) { | ||
const { token, userinfo } = provider | ||
// Falls back to authjs.dev if the user only passed params | ||
if ( | ||
(!token?.url || token.url.host === "authjs.dev") && | ||
(!userinfo?.url || userinfo.url.host === "authjs.dev") | ||
) { | ||
// We assume that issuer is always defined as this has been asserted earlier | ||
@@ -58,5 +63,5 @@ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion | ||
as = { | ||
issuer: provider.issuer ?? "https://a", // TODO: review fallback issuer | ||
token_endpoint: provider.token?.url.toString(), | ||
userinfo_endpoint: provider.userinfo?.url.toString(), | ||
issuer: provider.issuer ?? "https://authjs.dev", // TODO: review fallback issuer | ||
token_endpoint: token?.url.toString(), | ||
userinfo_endpoint: userinfo?.url.toString(), | ||
} | ||
@@ -148,5 +153,5 @@ } | ||
if (provider.userinfo?.request) { | ||
profile = await provider.userinfo.request({ tokens, provider }) | ||
} else if (provider.userinfo?.url) { | ||
if (userinfo?.request) { | ||
profile = await userinfo.request({ tokens, provider }) | ||
} else if (userinfo?.url) { | ||
const userinfoResponse = await o.userInfoRequest( | ||
@@ -153,0 +158,0 @@ as, |
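Review bot: The fallback test joins the two endpoints with `&&`, so a provider with a real `token.url` but a placeholder `userinfo.url` (host `authjs.dev`) skips the first branch and reaches the one that sets `userinfo_endpoint: userinfo?.url.toString()`. Further down, `else if (userinfo?.url)` is truthy for the placeholder as well, so `o.userInfoRequest(as, client, tokens.access_token)` would appear to send the access token to that host instead of the provider. The branch should exclude the placeholder, e.g. `} else if (userinfo?.url && userinfo.url.host !== "authjs.dev") {`, and `token_endpoint`/`userinfo_endpoint` should stay undefined when their host is the placeholder. The function body continues outside these hunks, so a guard elsewhere cannot be ruled out; the compiled copy of this file earlier on the page has the same lines.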
@@ -48,7 +48,7 @@ import { merge } from "./utils/merge.js" | ||
// TODO: Also add discovery here, if some endpoints/config are missing. | ||
// We should return both a client and authorization server config. | ||
function normalizeOAuth( | ||
c?: OAuthConfig<any> | OAuthUserConfig<any> | ||
c: OAuthConfig<any> | OAuthUserConfig<any> | ||
): OAuthConfigInternal<any> | {} { | ||
if (!c) return {} | ||
if (c.issuer) c.wellKnown ??= `${c.issuer}/.well-known/openid-configuration` | ||
@@ -88,16 +88,16 @@ | ||
): OAuthConfigInternal<any>[OAuthEndpointType] { | ||
if (!e || issuer) return | ||
if (!e && issuer) return | ||
if (typeof e === "string") { | ||
return { url: new URL(e) } | ||
} | ||
// If v.url is undefined, it's because the provider config | ||
// If e.url is undefined, it's because the provider config | ||
// assumes that we will use the issuer endpoint. | ||
// The existence of either v.url or provider.issuer is checked in | ||
// assert.ts | ||
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion | ||
const url = new URL(e.url!) | ||
// eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion | ||
for (const k in e.params) url.searchParams.set(k, e.params[k] as any) | ||
return { ...e, url } | ||
// The existence of either e.url or provider.issuer is checked in | ||
// assert.ts. We fallback to "https://authjs.dev" to be able to pass around | ||
// a valid URL even if the user only provided params. | ||
// NOTE: This need to be checked when constructing the URL | ||
// for the authorization, token and userinfo endpoints. | ||
const url = new URL(e?.url ?? "https://authjs.dev") | ||
for (const k in e?.params) url.searchParams.set(k, e?.params[k]) | ||
return { url, request: e?.request } | ||
} |
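Review bot: `new URL(e?.url ?? "https://authjs.dev")` turns "no URL configured" into a real, resolvable host, and the only protection is that every consumer remembers to compare `url.host` against the same string literal, which this page shows repeated in the authorization-url and callback sources. Define the placeholder once and export a predicate next to it, e.g. `export const PLACEHOLDER_ENDPOINT = "https://authjs.dev"` plus an `isPlaceholder(url)` helper (names are suggestions only), so a missed or misspelt check stands out in review. The new return `{ url, request: e?.request }` also no longer spreads `e`, so any other fields on the endpoint config are dropped; if that is intended, the comment above it should say so. Separately, `normalizeOAuth` no longer marks `c` as optional but keeps `if (!c) return {}`; restore the `?` or drop the guard so the signature and body agree.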
@@ -5,3 +5,3 @@ import { handleLogin } from "../callback-handler.js" | ||
import { createHash } from "../web.js" | ||
import { handleAuthorized } from "./shared.js" | ||
import { getAdapterUserFromEmail, handleAuthorized } from "./shared.js" | ||
@@ -14,2 +14,3 @@ import type { AdapterSession } from "../../adapters.js" | ||
InternalOptions, | ||
Account, | ||
} from "../../types.js" | ||
@@ -177,6 +178,7 @@ import type { Cookie, SessionStore } from "../cookie.js" | ||
// @ts-expect-error -- Verified in `assertConfig`. | ||
const profile = await getAdapterUserFromEmail(identifier, adapter) | ||
const user = await getAdapterUserFromEmail(identifier, adapter) | ||
const account = { | ||
providerAccountId: profile.email, | ||
const account: Account = { | ||
providerAccountId: user.email, | ||
userId: user.id, | ||
type: "email" as const, | ||
@@ -188,3 +190,3 @@ provider: provider.id, | ||
const unauthorizedOrError = await handleAuthorized( | ||
{ user: profile, account }, | ||
{ user, account }, | ||
options | ||
@@ -196,19 +198,18 @@ ) | ||
// Sign user in | ||
const { user, session, isNewUser } = await handleLogin( | ||
sessionStore.value, | ||
profile, | ||
account, | ||
options | ||
) | ||
const { | ||
user: loggedInUser, | ||
session, | ||
isNewUser, | ||
} = await handleLogin(sessionStore.value, user, account, options) | ||
if (useJwtSession) { | ||
const defaultToken = { | ||
name: user.name, | ||
email: user.email, | ||
picture: user.image, | ||
sub: user.id?.toString(), | ||
name: loggedInUser.name, | ||
email: loggedInUser.email, | ||
picture: loggedInUser.image, | ||
sub: loggedInUser.id?.toString(), | ||
} | ||
const token = await callbacks.jwt({ | ||
token: defaultToken, | ||
user, | ||
user: loggedInUser, | ||
account, | ||
@@ -241,3 +242,3 @@ isNewUser, | ||
await events.signIn?.({ user, account, isNewUser }) | ||
await events.signIn?.({ user: loggedInUser, account, isNewUser }) | ||
@@ -244,0 +245,0 @@ // Handle first logins on new accounts |
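Review bot: `account.userId` and the object passed to `handleAuthorized` now come straight from `getAdapterUserFromEmail(identifier, adapter)`, whose body is not on this page, and the `@ts-expect-error` above the call hides whatever the types say about a missing adapter or user. A short comment stating what the helper returns for an address with no stored user, and therefore what `user.id` holds at that point, would tell authors of `signIn` callbacks whether `user.id` is safe to use for authorisation decisions before `handleLogin` runs. For example: `// user is the adapter record if one exists; see getAdapterUserFromEmail for the first-sign-in shape`. The same `userId: user.id` change appears in the sign-in route hunk below, so the comment applies there too.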
@@ -36,3 +36,3 @@ import emailSignin from "../email/signin.js" | ||
providerAccountId: email, | ||
userId: email, | ||
userId: user.id, | ||
type: "email", | ||
@@ -39,0 +39,0 @@ provider: provider.id, |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet